This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I want to scan IP address of device which I forgot . how to scan IP of that device using wireshark 1.0.0

asked 18 Jan '16, 20:26

Kumudnitp's gravatar image

Kumudnitp
6112
accept rate: 0%


It's not clear from your question exactly what you're trying to accomplish. The following should get you going in the right direction.

First, Wireshark 1.0.0 is a very old version. I recommend you upgrade to the latest version (2.0.1 at this time). Wireshark is free, and easy to install. You can get the latest copy from wireshark.org.

Once you have the current version, instructions for How To Set Up a Capture can be found at https://wiki.wireshark.org/CaptureSetup

permanent link

answered 18 Jan '16, 21:25

griff's gravatar image

griff
36139
accept rate: 10%

I assume it is the usual case of a blackbox which you've taken from the shelf after a year or more and want to connect to it. If so, it all depends whether that box was configured to want something from the network (like e.g. NTP) or not after being powered up. If it did, take a switch or hub, connect your capture device's NIC to one of its ports and let it go up so that you could capture the other device's traffic as soon as its own Ethernet port gets up. Then start capturing, and then connect the blackbox to another port of the switch/hub. And now wait for an ARP request which is not sent from capturing device's own MAC address. That ARP request, if it ever comes, will indicate the IP address of the blackbox and usually ask for the default gateway's MAC address, so you may be able to guess the subnet mask from the two taken together.

If it is a router, this may work but still be useless because the router would send ARP requests at its WAN interface but management access through the WAN interface would be blocked.

If so, Wireshark and passive watching would not be enough and you'd have to use some tool actively attempting to log in or at least ping. Broadcast ping may help speed this process up if the device's IP stack responds to broadcast pings, which is not always the case. So if you have another device of the same type which you can use to check this, it may help reduce the time you'll need.

permanent link

answered 19 Jan '16, 00:49

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

edited 19 Jan '16, 03:58

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×178
×18
×15
×4

question asked: 18 Jan '16, 20:26

question was seen: 6,433 times

last updated: 19 Jan '16, 03:58

p​o​w​e​r​e​d by O​S​Q​A